Topics in Normal Bases of Finite Fields N. A. Carella

Copyright 2001. All rights reserved.

Table of Contents

Chapter 1 Bases of Finite Fields
1.1 Introduction, p. 2
1.2 Definitions and Elementary Concepts, p. 3
1.3 The Discriminants of Bases, p. 7
1.4 Distribution of Bases, p. 10
1.5 Dual Bases, p. 11
1.6 Distribution of Dual Bases, p. 16
1.7 Polynomial Bases, p. 17

Chapter 2 Structured Matrices
2.1 Basic Concepts, p. 22
2.2 Circulant Matrices, p. 24
2.3 Triangular Matrices, p. 31
2.4 Hadamard Matrices, p. 33
2.5 Multiplication Tables, p. 35

Chapter 3 Normal Bases
3.1 Basic Concepts, p. 40
3.2 Existence of Normal Bases, p. 41
3.3 Iterative Construction of Normal Bases, p. 42
3.4 Additive Order and Decomposition Theorem, p. 44
3.5 Normal Tests, p. 46
3.6 Polynomial Representations, p. 48
3.7 Dual Normal Bases, p. 51
3.8 Distribution of Normal Bases, p. 53
3.9 Distribution of Self-Dual Normal Bases, p. 54
3.10 Formulae for Normal Elements/Polynomials, p. 57
3.11 Completely Normal Bases and Testing Methods, p. 59
3.12 Infinite Sequences of Normal Elements/Polynomials, p. 62
3.13 Characteristic Functions, p. 64
3.14 Primitive Normal Bases, p. 67
3.15 Applications of Fractional Linear Transformations to Normal Bases, p. 68

Chapter 4 General Periods
4.1 Concept of Periods, p. 72
4.2 Cyclotomic Periods, p. 74
4.3 Cyclotomic Numbers, p. 76
4.4 Linear and Algebraic Properties of the Integers (i, j), p. 79
4.5 Characterization of the Periods, p. 80
4.6 Cyclotomic Numbers of Short Type, p. 81
4.7 Extension to the Ring Z_r, p. 86
4.8 Extension of the Finite Field F_p, p. 86
4.9 Exponential Sum Properties, p. 87

Chapter 5 Period Polynomials
5.1 Definition of Period Polynomials, p. 92
5.2 Discriminant and Factorization of Period Polynomials, p. 94
5.3 Period Polynomials of Low Degrees, p. 95
5.4 Period Polynomials of High Degrees, p. 101
5.5 Coefficient Calculations via the Power Sums Method, p. 107
5.6 Sequences of Period Polynomials, p. 110

Chapter 6 Period Normal Bases
6.1 Definitions and Existence, p. 114
6.2 Existence of Period Normal Bases, p. 115
6.3 Polynomial Representations of Periods, p. 120
6.4 Dual Period Normal Bases, p. 122

Chapter 7 Period Normal Bases for Extensions of Low Degrees
7.1 Quadratic Extensions, p. 128
7.2 Dual Period Normal Bases of Quadratic Extensions, p. 129
7.3 Multiplications in Quadratic Extensions, p. 131
7.4 Criteria for Cubic Nonresidues, p. 135
7.5 Period Normal Bases of Cubic Extensions, p. 136
7.6 Dual Period Normal Bases of Cubic Extensions, p. 138
7.7 Multiplications in Cubic Extensions, p. 138

Chapter 8 Asymptotic Proofs
8.1 Primitive Polynomial with Prescribed Coefficients, p. 143
8.2 Primitive Normal Polynomial with Prescribed Coefficients, p. 153

References, p. 165

Chapter 1 Bases of Finite Fields

1.1 Introduction

This chapter introduces various fundamental ideas and terminology essential for understanding vector representations of finite fields. The study of bases of vector space representations of finite fields and the corresponding computational algorithms is an extensive and important subject. There are various methods of representing finite fields. The most common are vector spaces, cyclic representations, polynomial quotient rings, quotients of number fields, matrix representations, and binary representations. These are listed here in that order.

(1) $F_{q^n} \cong \{\, x = x_0\alpha_0 + x_1\alpha_1 + \cdots + x_{n-1}\alpha_{n-1} : x_i \in F_q \,\}$, where $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ is a basis.

(2) $F_{q^n} \cong \langle \xi \rangle \cup \{0\}$, where $\xi$ is a generator of the multiplicative group of $F_{q^n}$.

(3) $F_{q^n} \cong F_q[x]/(f(x))$, where $f(x)$ is an irreducible polynomial of degree $n$.

(4) $F_{q^n} \cong O_K/\mathcal{I}$, where $\mathcal{I}$ is a maximal ideal and $O_K$ is the ring of integers in a number field $K$. These representations are widely used in algebraic number theory.

(5) $F_{q^n} \cong \{\, \text{subset of nonsingular matrices} \,\}$.

(6) $F_{q^n} \cong \{\, l\text{-adic vectors} \,\}$, where the vectors are defined by a function $\varphi : F_{q^n} \to F_l^{\,n}$. Two instances are the 2-adic representation (binary):
$$\varphi(x) = \Big[\, \big(x^{q^n-1} + (x+\alpha_{n-1})^{(q^n-1)/2}\big)/2,\ \ldots,\ \big(x^{q^n-1} + (x+\alpha_0)^{(q^n-1)/2}\big)/2 \,\Big],$$
and the 3-adic representation:
$$\varphi(x) = \Big[\, (x+\alpha_{n-1})^{(q^n-1)/2},\ \ldots,\ (x+\alpha_1)^{(q^n-1)/2},\ (x+\alpha_0)^{(q^n-1)/2} \,\Big],$$
where $\alpha_0, \alpha_1, \ldots, \alpha_{n-1} \in F_{q^n}$ are fixed.

The fastest methods for addition and subtraction are implemented with vector space representations.
The fastest methods for multiplication, division, discrete exponentiation, and certain root extractions are implemented with cyclic representations. On the other hand, the fastest algorithms for computing discrete logarithms in finite fields are implemented in polynomial quotient rings and quotients of number fields, see [1, Adleman and DeMarrais], [1, ElGamal], etc. Matrix representations have applications in the construction of hash functions, pseudorandom number generators, and others, see [3, Gieselmann]. Normal bases (which are vector space representations) and binary representations are useful in polynomial factorization, see [1, Niederreiter], [1, Camion], and [1, Ganz]. Since addition and subtraction are highly efficient operations with respect to most bases, the main focus is on multiplication and multiplicative inverse algorithms with respect to the various bases of the finite field $F_{q^n}$ over $F_q$.

1.2 Definitions and Elementary Concepts

Several methods for identifying the bases of the vector space $F_{q^n}$ over $F_q$ will be considered in this section. The notion of a basis of a vector space has already appeared in this text. The concept of a basis and the related idea of linear independence (also algebraic independence) are recurrent themes throughout mathematics.

Definition 1.1. A subset of elements $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\} \subset F_{q^n}$ is said to be a basis of the vector space $F_{q^n}$ over $F_q$ if and only if every element $\alpha \in F_{q^n}$ can be uniquely written as a linear combination $\alpha = a_0\alpha_0 + a_1\alpha_1 + \cdots + a_{n-1}\alpha_{n-1}$, where $a_i \in F_q$.

A redundant basis is a basis such that every element has a representation as a linear combination, but not necessarily a unique one. Some algorithms based on redundant bases are more efficient than those based on nonredundant bases. A redundant normal basis $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}, 1\}$ of $F_{q^n}$ over $F_q$ is employed in [2, Gao, et al.] to improve the exponentiation algorithm. A redundant normal basis permits multiple representations of the elements, e.g., $0 = \alpha_0 + \alpha_1 + \cdots + \alpha_{n-1} + 1$, among others, if $q > 2$. Redundant bases are also used to represent integers in fast exponentiation algorithms, and real/complex numbers in numerical algorithms which implement carry-free arithmetic operations.

Definition 1.2. Let $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ be a subset of $F_{q^n}$. The regular matrix representation of the set $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ is defined by the $n \times n$ matrix $A = (\sigma^i(\alpha_j)) = (\alpha_j^{q^i})$. The matrix
$$A = \begin{pmatrix} \alpha_0 & \alpha_1 & \alpha_2 & \cdots & \alpha_{n-1} \\ \alpha_0^{q} & \alpha_1^{q} & \alpha_2^{q} & \cdots & \alpha_{n-1}^{q} \\ \alpha_0^{q^2} & \alpha_1^{q^2} & \alpha_2^{q^2} & \cdots & \alpha_{n-1}^{q^2} \\ \vdots & \vdots & \vdots & & \vdots \\ \alpha_0^{q^{n-1}} & \alpha_1^{q^{n-1}} & \alpha_2^{q^{n-1}} & \cdots & \alpha_{n-1}^{q^{n-1}} \end{pmatrix}$$
occurs very frequently in the analysis of bases and of matrix representations of linear functionals in finite fields.

Definition 1.3. A pair of bases $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ and $\{\beta_0, \beta_1, \ldots, \beta_{n-1}\}$ are equivalent if each $\beta_i = c\alpha_i$ for some constant $c \in F_q$. The equivalence class of each basis $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ can be viewed as a point in the $(n-1)$-dimensional projective space $P^{n-1}(F_{q^n})$.

Lemma 1.4. A subset $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ of elements of $F_{q^n}$ is a basis of the vector space $F_{q^n}$ over $F_q$ if and only if the $n \times n$ regular matrix representation $A$ associated to $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ is nonsingular.

Proof: Suppose that $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ is a basis, and let $\beta \in F_{q^n}$. Now consider the system of equations
$$\beta = \sum_{i=0}^{n-1} b_i\alpha_i, \qquad \beta^{q} = \sum_{i=0}^{n-1} b_i\alpha_i^{q}, \qquad \ldots, \qquad \beta^{q^{n-1}} = \sum_{i=0}^{n-1} b_i\alpha_i^{q^{n-1}}.$$
Since the subset of elements $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ is a basis, the system of equations, rewritten as the vector equation
$$(\beta, \beta^{q}, \ldots, \beta^{q^{n-1}}) = A\,b,$$
has a unique solution $b = (b_0, b_1, \ldots, b_{n-1})$. This implies that the matrix $A$ is nonsingular. Conversely, if the matrix $A$ is nonsingular, then the above system of equations has a unique solution. This in turn implies that each $\beta \in F_{q^n}$ has a unique representation as a linear combination $\beta = b_0\alpha_0 + b_1\alpha_1 + \cdots + b_{n-1}\alpha_{n-1}$, $b_i \in F_q$, so $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ is a basis.

Lemma 1.5. (Basis lifting lemma) A basis $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ of $F_{q^n}$ over $F_q$ is also a basis of $F_{q^{nk}}$ over $F_{q^k}$ for all integers $k$ such that $\gcd(k, n) = 1$.

Proof: Let $a_0, a_1, \ldots, a_{n-1} \in F_{q^k}$ and consider the system of equations
$$\begin{aligned} a_0\alpha_0 + a_1\alpha_1 + a_2\alpha_2 + \cdots + a_{n-1}\alpha_{n-1} &= 0 \\ a_0\alpha_0^{q^k} + a_1\alpha_1^{q^k} + a_2\alpha_2^{q^k} + \cdots + a_{n-1}\alpha_{n-1}^{q^k} &= 0 \\ a_0\alpha_0^{q^{2k}} + a_1\alpha_1^{q^{2k}} + a_2\alpha_2^{q^{2k}} + \cdots + a_{n-1}\alpha_{n-1}^{q^{2k}} &= 0 \\ &\ \,\vdots \\ a_0\alpha_0^{q^{(n-1)k}} + a_1\alpha_1^{q^{(n-1)k}} + a_2\alpha_2^{q^{(n-1)k}} + \cdots + a_{n-1}\alpha_{n-1}^{q^{(n-1)k}} &= 0 \end{aligned}$$
Since $\gcd(k, n) = 1$, the map $i \mapsto ik \pmod{n}$ is a permutation of $\{0, 1, 2, \ldots, n-1\}$, and the matrices $A = (\alpha_j^{q^i})$ and $A_k = (\alpha_j^{q^{ik}})$ are just row permutations of each other. Moreover, because the regular matrix representation $A$ attached to this basis is nonsingular, it follows that the system of equations has only the trivial solution $a = (a_0, a_1, \ldots, a_{n-1}) = (0, 0, \ldots, 0)$. This proves the linear independence of $\{\alpha_0, \alpha_1, \ldots, \alpha_{n-1}\}$ over $F_{q^k}$.
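The nonsingularity criterion of Lemma 1.4, as an added worked example that is not part of Carella's text: it implements arithmetic in $F_{2^n} = F_2[x]/(f(x))$ (representation (3) above), builds the regular matrix $A = (\alpha_j^{q^i})$ of Definition 1.2 for $q = 2$, and decides by Gaussian elimination over $F_{2^n}$ whether a given set is a basis, including the case where the set is the Frobenius conjugates of one element, which is the normal-basis test. The modulus $x^3 + x + 1$ and the elements tested are constructed choices, assumed here for the demonstration.

```python
# Added example, not from Carella's text. Field elements of F_2[x]/(f) are
# ints whose bits are polynomial coefficients (bit k = coefficient of x^k);
# f is assumed irreducible and monic of degree n (demo: x^3 + x + 1).

def gf_mul(a, b, f, n):
    """Multiply two elements of F_2[x]/(f) by shift-and-add with reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:      # degree reached n: subtract (xor) the modulus
            a ^= f
    return r

def gf_pow(a, e, f, n):
    """Square-and-multiply exponentiation in F_2[x]/(f)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, f, n)
        a = gf_mul(a, a, f, n)
        e >>= 1
    return r

def gf_inv(a, f, n):
    """a^(2^n - 2) = a^(-1) for a != 0 (order of the multiplicative group)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    return gf_pow(a, (1 << n) - 2, f, n)

def frobenius(a, i, f, n):
    """sigma^i(a) = a^(q^i) with q = 2, i.e. i repeated squarings."""
    for _ in range(i):
        a = gf_mul(a, a, f, n)
    return a

def regular_matrix(elems, f, n):
    """Definition 1.2: A = (sigma^i(alpha_j)), row i = 0..n-1, column j."""
    return [[frobenius(a, i, f, n) for a in elems] for i in range(n)]

def rank_over_field(M, f, n):
    """Rank of a matrix over F_2[x]/(f) by row reduction."""
    M = [row[:] for row in M]
    rows, cols = len(M), len(M[0])
    rank = 0
    for c in range(cols):
        pivot = next((r for r in range(rank, rows) if M[r][c]), None)
        if pivot is None:
            continue
        M[rank], M[pivot] = M[pivot], M[rank]
        inv = gf_inv(M[rank][c], f, n)
        M[rank] = [gf_mul(inv, v, f, n) for v in M[rank]]
        for r in range(rows):
            if r != rank and M[r][c]:
                t = M[r][c]
                M[r] = [v ^ gf_mul(t, w, f, n) for v, w in zip(M[r], M[rank])]
        rank += 1
    return rank

def is_basis(elems, f, n):
    """Lemma 1.4: n elements form a basis iff A is nonsingular (rank n)."""
    if len(elems) != n:
        return False
    return rank_over_field(regular_matrix(elems, f, n), f, n) == n

def is_normal(alpha, f, n):
    """alpha is normal iff {alpha, alpha^q, ..., alpha^(q^(n-1))} is a basis."""
    return is_basis([frobenius(alpha, i, f, n) for i in range(n)], f, n)

def normal_elements(f, n):
    """All normal elements of F_2[x]/(f) over F_2 (brute force, small n)."""
    return [a for a in range(1, 1 << n) if is_normal(a, f, n)]

if __name__ == "__main__":
    F, N = 0b1011, 3                       # f(x) = x^3 + x + 1, so F_8 over F_2
    print(is_basis([0b001, 0b010, 0b100], F, N))   # polynomial basis {1, x, x^2}
    print(is_normal(0b010, F, N))          # x: conjugates x, x^2, x^2+x sum to 0
    print(is_normal(0b101, F, N))          # x^2+1: conjugates x^2+1, x^2+x+1, x+1
    print(normal_elements(F, N))           # the three normal elements of F_8
```

For $F_8$ the brute-force search returns exactly the three elements of trace 1 outside $F_2$, which agrees with the count $8 \cdot (1 - 1/2)(1 - 1/4) = 3$ of normal elements.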